Package: sssd / 2.8.2-4+deb12u1

Metadata

Package: sssd
Version: 2.8.2-4+deb12u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
fix whitespace test.diff

src/tests/whitespace_test | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
default to socket activated services.diff

src/confdb/confdb.h | 3 1 + 2 - 0 !
src/examples/sssd.conf | 1 0 + 1 - 0 !
2 files changed, 1 insertion(+), 3 deletions(-)

---
fix shebang on sss_analyze.patch

src/tools/analyzer/sss_analyze | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix shebang on sss_analyze

s/python/python3/

0004 Makefile Install dbus policy in usr not etc.patch

Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 makefile: install dbus policy in /usr, not /etc
CVE 2023 3758.patch

src/providers/ad/ad_gpo.c | 116 102 + 14 - 0 !
1 file changed, 102 insertions(+), 14 deletions(-)

 ad-gpo: use hash to store intermediate results

Currently after the evaluation of a single GPO file the intermediate
results are stored in the cache and this cache entry is updated until
all applicable GPO files are evaluated. Finally the data in the cache is
used to make the decision if access is granted or rejected.

If there are two or more access-control requests running in parallel one
request might overwrite the cache object with intermediate data while
another request reads the cached data for the access decision and as a
result will do this decision based on intermediate data.

To avoid this the intermediate results are not stored in the cache
anymore but in hash tables which are specific to the request. Only the
final result is written to the cache to have it available for offline
authentication.